Fuzzing Framework for Configuration Interfaces

Supervisor(s): Nisha Jacob, Dieter Schuster
Status: open
Topic: Monitoring (VMI etc.)
Type of Thesis: Master's thesis
Thesis topic in co-operation with the Fraunhofer Institute for Applied and Integrated Security AISEC, Garching


Embedded systems typically include several interfaces for debugging and configuring a device.
One such widely deployed configuration and debug port is the JTAG interface. Despite being a
standardised interface, JTAG can be extended to include hidden vendor-specific functionality. These
extensions are typically included to give manufacturers better debugging capabilities, but they
could also be exploited and pose a threat to overall system security.
Your task would be to integrate common software fuzzing frameworks such as American Fuzzy Lop [1]
or BooFuzz [2] for the JTAG interface, in order to find such functionality and analyse the scope of
its effect on overall system security.

  1. American Fuzzy Lop - http://lcamtuf.coredump.cx/afl/
  2. BooFuzz - https://boofuzz.readthedocs.io/


  • Good programming skills
  • Basic knowledge of security concepts
  • Basic knowledge of using lab equipment
  • Creativity and independent working style


Nisha Jacob
Phone: +49 89 322-9986-116
E-mail: nisha.jacob@aisec.fraunhofer.de

Dieter Schuster
Phone: +49 89 322-9986-134
E-mail: dieter.schuster@aisec.fraunhofer.de